User's Guide
BitDefender Antivirus Scanner for Unices
Legal Notice
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from an authorized representative of BitDefender. The inclusion of brief quotations in reviews may be
possible only with the mention of the quoted source. The content can not be modified in any way.
Warning and Disclaimer. This product and its documentation are protected by copyright. The information in this
document is provided on an “as is” basis, without warranty. Although every precaution has been taken in the preparation
of this document, the authors will not have any liability to any person or entity with respect to any loss or damage
caused or alleged to be caused directly or indirectly by the information contained in this work.
This book contains links to third-party Websites that are not under the control of BitDefender, therefore BitDefender
is not responsible for the content of any linked site. If you access a third-party website listed in this document, you
will do so at your own risk. BitDefender provides these links only as a convenience, and the inclusion of the link does
not imply that BitDefender endorses or accepts any responsibility for the content of the third-party site.
Trademarks. Trademark names may appear in this book. All registered and unregistered trademarks in this document
are the sole property of their respective owners, and are respectfully acknowledged.
Table of Contents
End User Software License Agreement
Preface
1. Conventions Used in This Book
1.1. Typographical Conventions
1.2. Admonitions
2. Book Structure
3. Request for Comments
End User Software License Agreement
LIMITED WARRANTY. BitDefender warrants a 30 day fault free period for the media
on which BitDefender is distributed as of the date BitDefender has been delivered to
you. Any breach of this warranty shall only result in BitDefender replacing the faulty
media, at its sole discretion, upon receipt of the said media, or refunding the
BitDefender price. BitDefender does not warrant either the uninterrupted or error free
operation of BitDefender or the correction of possible errors. BitDefender does not
warrant that BitDefender will meet your requirements.
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BitDefender
DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT
TO THE PRODUCTS, ENHANCEMENTS, MAINTENANCE THEREOF OR SUPPORT
RELATED THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE)
OR SERVICES THAT IT HAS SUPPLIED. BitDefender HEREBY EXPRESSLY
DISCLAIMS ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING,
WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE,
ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM
INTEGRATION, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS BY
FILTERING, DISABLING, OR REMOVING SUCH THIRD PARTY'S SOFTWARE,
SPYWARE, ADWARE, COOKIES, EMAILS, DOCUMENTS, ADVERTISEMENTS OR
THE LIKE, WHETHER ARISING BY STATUTE, LAW, COURSE OF DEALING,
CUSTOM AND PRACTICE, OR TRADE USAGE.
DISCLAIMER OF DAMAGES. Anyone using, testing, or evaluating BitDefender shall
bear all risks as to the quality and performance of BitDefender. Under no
circumstances shall BitDefender be liable for any damages of any kind, including,
without limitation, direct or indirect damages arising out of the use, performance, or
delivery of BitDefender, even if BitDefender has been advised of the existence or
possibility of such damages.
SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY
FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION
OR EXCLUSION MAY NOT APPLY TO YOU.
UNDER NO CIRCUMSTANCES SHALL BitDefender'S LIABILITY EXCEED THE
PURCHASE PRICE PAID BY YOU FOR BITDEFENDER. The disclaimers and
limitations set forth above shall apply regardless of whether you accept to use, evaluate,
or test BitDefender.
IMPORTANT NOTICE TO USERS. THIS SOFTWARE IS NOT FAULT-TOLERANT
AND IT IS NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS
ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THIS
SOFTWARE IS NOT INTENDED FOR USE IN THE OPERATION OF AIRCRAFT
Preface
This User's Guide is intended for all those who have chosen to use BitDefender
Antivirus Scanner for Unices as a security solution for their systems. The information
presented in this book is suitable not only for computer literates, but also for anyone
who can do administrative tasks on a Linux or FreeBSD system.
This book describes BitDefender Antivirus Scanner for Unices, guides you through
the installation process and teaches you how to configure it in detail. You
will find out how to use, update, interrogate, test and customize BitDefender Antivirus
Scanner for Unices. You will also learn how to integrate it with various software and
how to get the best from BitDefender.
We hope you will find it pleasant and useful reading.
Appearance Description
variable Variables and some numerical data are printed
in monospaced characters.
http://www.bitdefender.com The URL link is pointing to some external
location, on http or ftp servers.
<support@bitdefender.com> E-mail addresses are inserted in the text for
contact information.
Chapter 4 “Installation” (p. 15) This is an internal link pointing towards a location
inside the document.
filename File and directory names are printed in a
monospaced font.
ENV_VAR Environment variables are printed in MONOSPACED
CAPITALS.
emphasized Emphasized texts are especially marked to draw
your attention.
“quoted text” Quoted texts are provided as reference.
command Inline commands are printed in strong
characters.
# command -parameter Command examples are printed in strong
monospaced characters within a specially
marked environment. The prompt can be one of
the following:
1.2. Admonitions
Admonitions are graphically marked, in-text notes drawing your attention to additional
information related to the respective paragraph.
Note
A note is just a short observation. Although you can omit it, a note can provide valuable
information, such as specific features or a link to a related topic.
Important
This is information which requires your attention and should not be skipped. It usually
is non-critical, but significant information.
Warning
This is critical information you should treat with increased caution. Nothing bad will
happen if you follow the directions. You should read and understand the warning,
because it describes something extremely risky.
2. Book Structure
The book consists of several parts covering several major topics: Description,
Installation and Removal, Command Line Interface Scanner, Graphical User Interface
Scanner and Getting Help. Moreover, a glossary and UNIX manual pages are provided
to clarify different aspects of BitDefender, which might raise technical issues.
Description. A short introduction to BitDefender Antivirus Scanner for Unices. You
are presented with the BitDefender Antivirus Scanner for Unices, its features, the
product components (bdscan, bdgui) and the basics of the integration, filtering
mechanism and graphical interface.
Installation and Removal. Step-by-step instructions on how to install BitDefender
Antivirus Scanner for Unices on a system. Starting with the prerequisites of a successful
installation, you are guided through the entire installation process. Finally, the uninstall
procedure is described in case you need to uninstall BitDefender.
Command Line Interface Scanner. Description of the administration and usage of
the command line interface scanner. This is a presentation of the BitDefender
configuration file and of how to get run-time information, test the antivirus efficiency,
perform updates and register the product. You are also presented with real-life usage
scenarios, covering various aspects: detecting malware on your system, several
desktop and e-mail server integration procedures, setting the antivirus to scan files
directly from the file manager or the e-mail passing through your local e-mail server.
Manual pages are included for quick and convenient reference. Whenever you find
examples of commands in BitDefender Antivirus Scanner for Unices, the manual
pages will provide you with valuable help in understanding all the options and actions.
Graphical User Interface Scanner. Description of the administration and usage of
the graphical user interface scanner. This is a presentation of how to configure the
antivirus scanning, perform updates and register the product.
Getting Help. Where to look and where to ask for help if something unexpected
appears.
Glossary. The Glossary tries to explain some technical and uncommon terms you
will find in the pages of this book.
this book or how you think it could be improved, to help us provide you with the best
documentation possible.
Let us know your opinions and suggestions by sending an e-mail to
<documentation@bitdefender.com>.
Note
You can find out the latest by visiting the BitDefender Unix blog at
http://unices.bitdefender.com/.
Description and Features
1. Product Features
Purchasing and installing an antivirus product for your personal or your company's
systems is the most efficient way of preventing the infection of a computer and the
spreading of viruses inside and outside the network it is connected to.
BitDefender Antivirus Scanner for Unices is the solution BitDefender offers for the
antivirus protection of mixed networks. It uses the most advanced multi-platform virus
inspection technology which scans for viruses and other malware on your personal
system.
It consists of two major elements:
bdscan. The on-demand scanner, intended for command line or shell scripts, features
manual scan of individual files or entire file systems, malicious code detection and
removal. After each scan, the program displays a detailed report on positive virus
detections. Thanks to the advanced features of the BitDefender scan engines, new,
undiscovered threats can be detected and immediately eliminated from the system.
All the files specified in the command line are scanned using the BitDefender scan
engines. The scan engines detect all the viruses from common files, archives or
mailboxes. BitDefender features built-in support for more than 80 packed file formats,
including RAR, ZIP, ARJ, LZH, LHA, ACE, GZIP, TARGZ, JAR, UUE, MIME or CAB
archives, no matter how they were created (self-extractable, multivolume, etc). If an
infection is found, the file will be treated according to the selected option (disinfection,
deletion, isolation in the quarantine area or just reporting) and notifications will be sent
to the console, as well as to the log file. To ensure superior and efficient antivirus
protection, BitDefender Antivirus Scanner for Unices was designed with a built-in
update function.
bdgui. The graphical user interface scanner helps you scan your computer very
easily. It allows you to configure the antivirus scanning in accordance with your needs,
to perform updates and register the product.
2. CLI Scanning Mechanism
• Disinfect. BitDefender will try to disinfect the object by removing the infected or
suspected part. The action can sometimes fail.
• Quarantine. The object will be moved from its original location to a secured
directory, the Quarantine.
• Delete. The object will be simply removed from the filesystem.
• Ignore. Even if infected objects are found, BitDefender will just report them and no
action will be performed.
By default, bdscan will scan inside archives, mailboxes and packed programs. If this
behavior is not desirable, command line options are available to disable scan
target types selectively: --no-archive, --no-mail and --no-pack, respectively.
If the scanning path is a directory, bdscan will recursively descend into sub-directories
and scan the files found. The recursion depth can be specified on the command line, or
recursion can be disabled entirely.
More Info
You can find out more about the supported command line options in the bdscan(8)
manual page.
Installation and Removal
3. Prerequisites
BitDefender Antivirus Scanner for Unices can be installed on:
These packages include all the necessary pre-install, post-install, pre-remove and
post-remove scripts. The adequate package type should be installed according to the
distribution.
Hardware Requirements
Processor type
x86 compatible, minimum 166 MHz, but do not expect a great performance in
this case. An i686 generation processor, at 300MHz, would make a better choice.
Memory
The minimum accepted value is 128 MB, but, for improved performance, the
recommended value is 256 MB.
Internet connection
Although BitDefender Antivirus Scanner for Unices will run with no Internet
connection, the update procedure will require an active HTTP link, even through
a proxy server. Therefore, the Internet connection is a MUST to keep your
protection up to date.
Software Requirements
Linux requirements
The supported Linux kernel versions are 2.2, 2.4 or 2.6, but the recommended
one is 2.6.
BitDefender requires at least glibc version 2.3 and libstdc++ from the gcc 3.x
series.
FreeBSD requirements
The supported FreeBSD versions are 5.4-RELEASE and higher, and
6.0-RELEASE and higher.
FreeBSD 4 is no longer supported.
Hardware Requirements
Processor type
x86 or amd64 compatible, 500MHz or higher.
Memory
The minimum accepted value is 128 MB. For improved performance, the
recommended value is 256 MB.
Free disk space
The minimum free disk space required to install and run BitDefender Antivirus
Scanner for Unices is 64 MB. However, the log and the quarantine directories
could require more space.
Internet connection
Although BitDefender Antivirus Scanner for Unices will run with no Internet
connection, the update procedure will require an active HTTP link, even through
a proxy server. Therefore, the Internet connection is a MUST to keep your
protection up to date.
Software Requirements
Linux requirements
The Linux kernel should be 2.4 or 2.6 (recommended).
BitDefender requires at least glibc version 2.6 and libfontconfig version 2.4.2.
FreeBSD requirements
The supported FreeBSD versions are 6.0-RELEASE and higher.
BitDefender-Antivirus-Scanner-{ver}.{os}.{arch}.{pkg}.run
Note
The archive name may also contain the nogui string. This indicates that the archive
does not contain the graphical user interface scanner.
Variable Description
{ver} This is the package version. For example, 7.5-3 is version 7,
subversion 5, package build 3.
{os} This is the operating system identifier. It indicates that the
package can be installed on a Linux distribution compiled with
a specific version of the gcc compiler (for example,
linux-gcc4x) or on a specific version of FreeBSD (for example,
freebsd6).
{arch} This specifies the processor architecture. i586 is the current
development version.
{pkg} This refers to the package management tool used to install the
files. This may be rpm, deb, ipk or tbz.
The naming convention for the self-extractable .run archive is the same, regardless
of whether the archive includes the packages for a Linux distribution or for FreeBSD.
However, the naming convention of the packages depends on the operating system
they are to be installed on.
bitdefender-scanner_{ver}.{arch}.{pkg}
bitdefender-scanner-gui_{ver}.{arch}.{pkg}
Red Hat (.rpm) packages
• Command line interface scanner package:
bitdefender-scanner-{ver}.{arch}.rpm
bitdefender-scanner-gui-{ver}.{arch}.rpm
bitdefender-scanner-{ver}.tbz
bitdefender-scanner-gui-{ver}.tbz
{ver} is the package version. For example, 7.6.3 is version 7, subversion 6, package
build 3.
4. Installation
This section explains how to install BitDefender Antivirus Scanner for Unices on Linux
or FreeBSD systems. This is pretty straightforward: get the appropriate package, test
it for integrity, then install it.
• rpm for distributions using the Red Hat Linux package manager
• deb for distributions using the Debian Linux packaging system
• ipk, a generic packaging system, a portable method for Linux systems that do not
use deb and rpm
The FreeBSD package is a tbz (.tar.bz2) compressed archive. There is one package
for FreeBSD 5 (only the command line interface scanner is supported) and there are
two packages for FreeBSD 6 (one for the CLI scanner and one for the GUI scanner).
These packages are included in self-extractable archives with the .run extension,
which you can easily install.
# sh BitDefender-Antivirus-Scanner-{ver}.{os}.{arch}.run --check
Verifying archive integrity... MD5 checksums are OK. All good.
If you get a different answer (an error), please download the package again.
For rpm packages, you have to import the key into the rpm key ring, using the following
command:
If you want to check an rpm package, just issue a command similar to the following.
You should get no error.
In case you are using the deb packages, you have to run only one command for all
deb files.
4.2.3. Test FreeBSD tbz Package
When installing the package downloaded from the BitDefender servers, you should
run md5 on the package and compare the output with the value in the .md5 file. This
file is located in the same directory you downloaded the package from.
• Directly install the packages. As a general guideline, you have to first install the
command line interface scanner and then the graphical user interface scanner.
# sh BitDefender-Antivirus-Scanner-{ver}.{os}.{arch}.run
This will unpack the BitDefender files (engines, core, etc.), the install and uninstall
scripts, and it will launch the installer, which, in turn, will install all BitDefender
components, as described in the next section.
Installer
After unpacking the archive, the installer is launched. This is a text-based installer,
created to run on very different configurations. Its purpose is to install the extracted
packages at their locations and to configure BitDefender Antivirus Scanner for Unices
for the first time, asking you just a few questions. To accept the default values the
installer offers (which is recommended), just press the ENTER key.
First, the License Agreement is displayed. You are invited to read the full content by
pressing the SPACE bar to advance one page or ENTER for one line at a time. In order to
continue the installation process, you must read and accept this License Agreement,
by literally typing the word accept when prompted. Note that typing anything else or
nothing at all means you do not agree with the License Agreement and the installation
process will stop.
Once you have accepted the License Agreement terms, the installer will begin the
installation process. Basically, it will install the engines, the binaries and the
documentation and it will make the post-install configuration. This is a short list of its
actions on your system.
After the command line interface scanner is installed, you will be prompted whether
to install the graphical user interface scanner. If you do not want to install the GUI
scanner, type N and then press the ENTER key. Otherwise, just press the ENTER key.
Additional Parameters
For the not-so-impatient user, the self-extractable archive supports a few command
line parameters, described in the following table.
Parameter Description
--help Prints short help messages.
--info Prints archive information, such as the title, the default target directory,
the embedded script to be run after unpacking, the compression method
used, the uncompressed size, the date of packaging.
--list Prints the content of the embedded archive. The listed files are the
engines, the program binaries, the embedded documentation, the
install and uninstall script along with their size and permissions.
--check This is one of the most useful options, because it enables the user to
verify the package integrity, as stated above. The integrity is checked
by comparing the embedded md5 checksum (generated during
packaging) with the one computed at the time of the check. If they
match, the output will be the following:
MD5 checksums are OK. All good.
--confirm The user will be asked to confirm every step of the install process.
--keep By default, the archive content is extracted to a temporary directory,
which will be removed after the embedded installer exits. Passing this
parameter to the script will not remove the directory.
--target directory You can specify another directory to extract the archive to, if you don't
want to use the default name. Note that this target directory will not be
removed.
--uninstall Runs the embedded uninstaller script instead of the normal installer.
To find out more about the uninstalling procedure, please refer to
Chapter 5 “Uninstall” (p. 23).
1. Install the command line interface scanner by running the following command in
the directory the package is located in:
# rpm -i bitdefender-scanner-{ver}.{os}.{arch}.rpm
2. If you want to use the graphical user interface scanner too, install it by running the
following command in the directory where the package is located:
# rpm -i bitdefender-scanner-gui-{ver}.{os}.{arch}.rpm
1. Install the command line interface scanner by running the following command in
the directory the package is located in:
# dpkg -i bitdefender-scanner_{ver}.{os}.{arch}.deb
2. If you want to use the graphical user interface scanner too, install it by running the
following command in the directory the package is located in:
# dpkg -i bitdefender-scanner-gui_{ver}.{os}.{arch}.deb
1. Install the command line interface scanner by running the following command in
the directory the package is located in:
# /opt/ipkg/bin/ipkg-cl install \
bitdefender-scanner_{ver}.{os}.{arch}.ipk
2. If you want to use the graphical user interface scanner too, install it by running the
following command in the directory the package is located in:
# /opt/ipkg/bin/ipkg-cl install \
bitdefender-scanner-gui_{ver}.{os}.{arch}.ipk
4.3.5. Install FreeBSD Packages
To install BitDefender Antivirus Scanner for Unices on a FreeBSD system, follow these
steps:
1. Install the command line interface scanner by running the following command in
the directory the package is located in:
# pkg_add bitdefender-scanner-{ver}.tbz
2. Only FreeBSD 6.x systems. If you want to use the graphical user interface scanner
too, install it by running the following command in the directory the package is
located in:
# pkg_add bitdefender-scanner-gui-{ver}.tbz
5. Uninstall
There are two ways to remove BitDefender Antivirus Scanner for Unices from your
system:
• Using the original self-extractable installation archive. This is the easiest and the
recommended method.
• Directly uninstall the installed packages (rpm, deb, ipk or tbz). As a general
guideline, you have to first uninstall the graphical user interface scanner and then
the command line interface scanner.
# sh BitDefender-Antivirus-Scanner-{ver}.{os}.{arch}.run --uninstall
You must confirm your choice by pressing the Y and the ENTER keys.
First, the graphical user interface scanner is removed. Then, the command line interface
scanner is removed. Finally, a message informs you when the uninstall process has
been successfully completed. At that point, the system should be restored to the same
condition it was in before the installation of BitDefender Antivirus Scanner for Unices.
1. Remove the graphical user interface scanner (if installed) by running the following
command:
# rpm -e bitdefender-scanner-gui
2. Remove the command line interface scanner by running the following command:
# rpm -e bitdefender-scanner
If you want to, you can remove only the graphical user interface scanner and continue
to use the command line interface scanner.
1. Remove the graphical user interface scanner (if installed) by running the following
command:
# dpkg -r bitdefender-scanner-gui
2. Remove the command line interface scanner by running the following command:
# dpkg -r bitdefender-scanner
If you want to, you can remove only the graphical user interface scanner and continue
to use the command line interface scanner.
1. Remove the graphical user interface scanner (if installed) by running the following
command:
2. Remove the command line interface scanner by running the following command:
If you want to, you can remove only the graphical user interface scanner and continue
to use the command line interface scanner.
1. Only FreeBSD 6.x systems. Remove the graphical user interface scanner (if
installed) by running the following command:
# pkg_delete bitdefender-scanner-gui-{ver}
2. Remove the command line interface scanner by running the following command:
# pkg_delete bitdefender-scanner-{ver}
On FreeBSD 6.x systems, you can also use pkg_deinstall, part of sysutils/portupgrade,
as follows:
1. Remove the graphical user interface scanner (if installed) by running the following
command:
# pkg_deinstall bitdefender-scanner-gui
2. Remove the command line interface scanner by running the following command:
# pkg_deinstall bitdefender-scanner
Command Line Interface Scanner
6. Configuration File
The system-wide configuration of BitDefender Antivirus Scanner for Unices is stored
inside a file located at /etc/BitDefender-scanner/bdscan.conf on Linux systems
and at /usr/local/etc/bitdefender-scanner/bdscan.conf on FreeBSD systems.
There is another configuration file, located inside the user's home directory, at
~/.config/BitDefender-scanner/bdscan.conf, which is loaded after the system
configuration. Therefore, the user can partially or even totally override the system
settings.
The files are standard UNIX-style configuration files, based on key=value pairs, each
pair on a single line.
A typical file on a Linux machine could be the following.
# By default bdscan scans all the files, but giving the "--ext"
# If you use an HTTP proxy, uncomment the following line and specify
# the [[DOMAIN\]USERNAME[:PASSWRD]@]SERVER[:PORT] of the proxy
# server.
# e.g.: HttpProxy = myuser:mypassword@proxy.company.com:8080
#HttpProxy =
# Uncomment the following line after you insert your license key
#Key = enter_your_key_here
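Because the per-user file is loaded after the system-wide one, it helps to see which file supplies each effective value, for instance when UpdateHttpLocation or ExcludeExtensions has been overridden. The script below is an added example, not part of the original guide or of BitDefender's tooling. It assumes that "#" starts a comment line, that blanks around "=" are ignored and that key names are case-sensitive; the sample files and their values are constructed.

```shell
#!/bin/sh
# Added example, not BitDefender code: list the effective bdscan settings after
# the per-user file is applied on top of the system-wide one.
# Assumptions: "#" starts a comment line, blanks around "=" are ignored, key
# names are case-sensitive, and a later file replaces a key's value entirely.

# Emit "key<TAB>value<TAB>file" for every key=value line of one file.
parse_conf() {
    SRC=$1 awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        {
            eq = index($0, "=")                 # split on the first "=" only
            if (eq < 2) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "") printf "%s\t%s\t%s\n", key, val, ENVIRON["SRC"]
        }' "$1"
}

# Merge the files in load order (system first, user last): the last definition
# of a key wins. Proxy credentials and the license key are masked on output.
effective_config() {
    for f in "$@"; do
        if [ -r "$f" ]; then parse_conf "$f"; fi
    done | awk -F '\t' '
        { if (!($1 in val)) order[++n] = $1; val[$1] = $2; src[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]; v = val[k]
                if (k == "HttpProxy") sub(/^.*@/, "***@", v)
                if (k == "Key" && v != "") v = "***"
                printf "%s\t%s\t%s\n", k, v, src[k]
            }
        }'
}

# Print the effective value of one key, or the file that supplies it.
setting_value() {
    key=$1; shift
    effective_config "$@" | awk -F '\t' -v k="$key" '$1 == k { print $2 }'
}
setting_source() {
    key=$1; shift
    effective_config "$@" | awk -F '\t' -v k="$key" '$1 == k { print $3 }'
}

# Constructed sample files (values are illustrative, not shipped defaults,
# except UpdateHttpLocation, which is the default the guide lists).
write_samples() {
    cat > "$1/system.conf" <<'EOF'
# constructed system-wide file
InstallPath = /opt/BitDefender-scanner
UpdateHttpLocation = http://upgrade.bitdefender.com/update71
#HttpProxy =
EOF
    cat > "$1/user.conf" <<'EOF'
# constructed per-user file
UpdateHttpLocation = http://mirror.example.invalid/update
HttpProxy = myuser:mypassword@proxy.company.com:8080
ExcludeExtensions = iso:img
EOF
}

# Demo: print key, effective value and source file for the sample pair.
demo_dir=$(mktemp -d)
if [ -n "$demo_dir" ]; then
    write_samples "$demo_dir"
    effective_config "$demo_dir/system.conf" "$demo_dir/user.conf"
    rm -rf "$demo_dir"
fi
```

On a real Linux system the arguments would be /etc/BitDefender-scanner/bdscan.conf followed by ~/.config/BitDefender-scanner/bdscan.conf.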
The available keys, their default values and descriptions are presented in the table
below. Some keys may be absent from the file, because their internally defined
default values need no change.
Key Description
InstallPath This is the path to the installation directory, which is set up
during the installation process.
UpdateHttpLocation The update location is the URL of the BitDefender update
server, used when performing the triggered update.
Default: http://upgrade.bitdefender.com/update71
HttpProxy If a proxy server is required for Internet connection during
updates, set this key accordingly. There is no default value.
The quarantine directory can be specified at run-time using
the --quarantine=path option.
The default quarantine path is located at
/opt/BitDefender-scanner/var/quarantine.
LogName The log file contains all the output messages normally sent to
STDOUT. The new log will be appended to the end of the last
one at the following scan. If you want to clear the log file before
scanning, you must use the --log-overwrite command line
option.
The log file can also be specified at run-time, using the
--log=logfile option.
The default log file is located at
/opt/BitDefender-scanner/var/log/bdscan.log. If the
user does not have the right to write it, the location becomes
~/.local/share/BitDefender-scanner/logs/bdscan.log.
Extensions The extensions list, with colon-separated items, specifies the
file types to scan, identified by their extensions, when using
the --ext command-line parameter.
The list can be specified at run-time using the
--ext=ext1:ext2 option. To force the scanning of all files,
regardless of the Extension directive, you must use the --ext=:
form in the command line.
ExcludeExtensions This list, with colon-separated items, specifies the file types to
be excluded from scanning, identified by their extensions.
The list can be specified at run-time using the
--exclude-ext=ext1:ext2 option.
Key This is the license key, necessary for product activation.
Product Registration
Please refer to Chapter Product Registration (page 63) for
more information about license keys.
7. Testing BitDefender
You can verify that BitDefender Antivirus Scanner for Unices works properly with the
help of a special test file, known as the EICAR Standard Anti-virus Test file. EICAR
stands for the European Institute of Computer Anti-virus Research. This is a dummy
file, detected by antivirus products.
There is no reason to worry, because this file is not a real virus. All that EICAR.COM
does when executed is to display the text EICAR-STANDARD-ANTIVIRUS-TEST-FILE
and exit.
The reason we do not include the file in the package is that we want to avoid generating
any false alarms for those who use BitDefender or any other virus scanner. However,
the file can be created using any text editor, provided the file is saved in standard
MS-DOS ASCII format and is 68 bytes long. It might also be 70 bytes if the editor adds
CR/LF at the end. The file must contain the following single line:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file under any name with the .COM extension, for example EICAR.COM. You
can keep the EICAR.COM in a safe place and test the system protection periodically.
# bdscan EICAR.COM
The output will indicate that one file has been scanned, found infected and that the
virus was identified. You will see the virus name: EICAR-Test-File (not a virus).
Since no action was specified, the file EICAR.COM is still on your hard disk.
Results:
Folders :0
Files :1
Packed :0
Archives :0
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
# gzip -9 EICAR.COM
# bdscan EICAR.COM.gz
BitDefender will unpack the archive and scan its content. This will be the command
output:
Results:
Folders :0
Files :2
Packed :0
Archives :2
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
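The test-file procedure above can be scripted. The following is an added example, not part of the BitDefender package; the function names are hypothetical. It writes the test line without letting the shell alter it and checks the 68-byte and 70-byte sizes stated above before anything is scanned.

```shell
#!/bin/sh
# Added example: build the EICAR test files described above and check them.

# Single quotes keep "$", "\", "!" and "%" literal. Inside double quotes the
# shell would expand $EICAR and $H and silently corrupt the test file.
EICAR_LINE='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# make_eicar FILE [crlf]: write the 68-byte file, or the 70-byte CR/LF variant.
make_eicar() {
    if [ "${2:-}" = "crlf" ]; then
        printf '%s\r\n' "$EICAR_LINE" > "$1"
    else
        printf '%s' "$EICAR_LINE" > "$1"    # no trailing newline is added
    fi
}

# file_size FILE: print the size in bytes.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# check_eicar FILE: succeed only for a 68- or 70-byte file whose first
# 68 bytes are exactly the test line.
check_eicar() {
    case "$(file_size "$1")" in
        68|70) ;;
        *) return 1 ;;
    esac
    [ "$(head -c 68 "$1")" = "$EICAR_LINE" ]
}

# eicar_selftest DIR: create EICAR.COM and a gzip copy, verify the plain
# file, and scan both when bdscan is on the PATH.
eicar_selftest() {
    dir=$1
    make_eicar "$dir/EICAR.COM" || return 1
    check_eicar "$dir/EICAR.COM" || { echo "EICAR.COM is malformed" >&2; return 1; }
    gzip -9 -c "$dir/EICAR.COM" > "$dir/EICAR.COM.gz" || return 1
    if command -v bdscan >/dev/null 2>&1; then
        bdscan "$dir/EICAR.COM" "$dir/EICAR.COM.gz"
    else
        echo "bdscan not found; test files left in $dir" >&2
    fi
}
```

Unlike `gzip -9 EICAR.COM`, the `-c` form keeps the uncompressed file next to the archive, so both can be scanned in one run.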
# bdscan mail.mbox
The e-mail messages in the mailbox will be read one by one, the attachments will be
unpacked, their content will be extracted and, finally, scanned. BitDefender will display
the subject of the infected e-mail, its date and the infected attachments.
Results:
Folders :0
Files :9
Packed :0
Archives :6
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
8. Real Life Usage
As you can see below, one file was scanned and found infected, the virus was identified
and it was moved to the quarantine directory. As verbose messages were requested,
the name of the plugins used are also displayed.
You can use another action, such as disinfect, to try to disinfect the file first. Since
not all files can be disinfected, you can try next to quarantine or even delete it.
Of course, you can use the ignore action (which is the equivalent of not specifying
an action at all) and you will only be prompted when viruses are found. This behavior
is extremely useful on read-only filesystems, such as optical disks (CD-ROM, DVD)
or network filesystems mounted read-only.
Results:
Folders :0
Files :1
Packed :0
Archives :0
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
top_dir
|-- documents
| |-- document1.doc
| `-- document2.doc
|-- programs
| |-- program1.exe
| `-- program2.exe
`-- file.exe
If you want to scan the downloaded_files directory, but not its sub-directories, the recursion
level will be 1. You might also want to quarantine the infected files, to study them later.
The screen output below shows the files scanned, found infected and finally
quarantined. Please note that the two sub-directories were not scanned.
Results:
Folders :3
Files :5
Packed :0
Archives :0
Infected files :5
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
Only the malware found will be displayed on the screen, but the log file will contain
one line about every file scanned and its status. You can easily grep for the “infected”
and “suspected” keywords to see the related report lines.
This is the beginning of the log file.
//
// BitDefender scan report
//
// Time: Fri Jan 27 15:24:03 2006
// Command line: --log=/tmp/bdscan.log --no-list /
// Core: AVCORE v1.0 (build 2266) (i386) (Mar 1 2005 19:34:16)
// Engines: scan: 13, unpack: 4, archive: 39, mail: 6
// Total signatures: 266776
//
/bin/dd ok
/bin/cp ok
/bin/df ok
/bin/ed ok
/bin/du ok
/bin/ln ok
/bin/ls ok
...
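A plain grep for the keywords also matches clean files whose path happens to contain them. The following added example (not part of the product) reads the status from the end of each log line instead. It assumes that flagged lines have the form "path infected: name" or "path suspected: name"; the excerpt above only shows "ok" lines, so the sample lines in sample_log are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list flagged files from a bdscan log by status field.

# sample_log: constructed log lines. Only the "//" header and "path ok"
# forms appear in the guide; the flagged-line format is an assumption.
sample_log() {
    cat <<'EOF'
//
// BitDefender scan report
//
/bin/dd ok
/srv/infected archive/readme.txt ok
/tmp/EICAR.COM infected: EICAR-Test-File (not a virus)
/tmp/sample.bin suspected: Constructed.Sample
EOF
}

# flagged_files [LOG...]: print "status<TAB>path<TAB>name" for every line
# whose trailing status is infected or suspected. Reads stdin without a file.
flagged_files() {
    awk '
        /^\/\//          { next }   # report header lines
        /[ \t]ok[ \t]*$/ { next }   # clean, even if the path mentions a keyword
        match($0, /[ \t]+(infected|suspected)(:.*)?$/) {
            path = substr($0, 1, RSTART - 1)
            rest = substr($0, RSTART)
            sub(/^[ \t]+/, "", rest)
            status = rest
            sub(/:.*/, "", status)
            name = rest
            sub(/^[^:]*:?[ \t]*/, "", name)
            printf "%s\t%s\t%s\n", status, path, name
        }
    ' "$@"
}
```

On the constructed sample, a keyword grep returns three lines, one of them the clean readme.txt, while flagged_files returns the two flagged files.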
Actions on Archives
Please note that some actions, such as disinfect, might fail when archives are
scanned. This happens because BitDefender will not try or will not manage to recreate
the archive after removing objects from it. Several closed-source compression algorithms
are only free for uncompression and they require a valid license and registration for
compression. Therefore, BitDefender can only unpack such an archive.
As you can see, BitDefender reports to have scanned more files. This happens because
each archive should be unpacked separately. You can also see which engine processes
each unpacking and scanning step.
Results:
Folders :0
Files :6
Packed :1
Archives :4
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
Results:
Folders :0
Files :9
Packed :0
Archives :6
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0
8.2. Report
You can request reports regarding the product’s activity, status, known virus signatures
or version.
# bdscan --info
Using the pager's facilities, you can navigate inside the list or search for a virus name.
# bdscan --version
BitDefender will display the product's name, version and build number, architecture
and copyright information.
You will be prompted for a password twice. Pick out a simple password, as encryption
is only used to scramble the file, not to protect it.
9. BitDefender Integration
BitDefender Antivirus Scanner for Unices is a versatile antivirus scanning solution,
which can be integrated with desktop and e-mail server software to perform an instant
target scan.
By pressing the F2 key, you can easily access a user menu from which you can add
extra features to the Midnight Commander. The menu can be edited by selecting
Command → Edit menu file. You will be asked whether to edit the Local or the
Home menu. Choose the Home menu so that changes are available in any directory.
The menu file will be opened in an editor. Go to the end of the file and append the lines
below. Pay special attention to the blank spaces at the beginning of each line.
+ t rd & x /opt/BitDefender-scanner/bin/bdscan
s       Scan with BitDefender
        bdscan --no-list %s
        echo -n "Press ENTER to continue..."
        read
[Desktop Entry]
Name=BitDefender
Encoding=UTF-8
ServiceTypes=all/allfiles,inode/directory
TryExec=bdscan
Terminal=false
TerminalOptions=
Type=Application
Actions=Scan_With_BitDefender;
Icon=bitdefender
9.1.3. Krusader
Krusader is an advanced twin panel (commander style) file
manager for KDE, similar to Midnight or Total Commander
(formerly Windows Commander), with many extras. It provides
all the file-management features you could possibly want.
—Krusader home page
When using Krusader, you can right-click a file or directory and select from the context
menu Konqueror menu → Actions → Scan with BitDefender. This will work if you
have followed the instructions in Section KDE Konqueror (page 46).
If not, Krusader offers its own way, called Useractions. You can add a new user action
from the menu Settings → Configure Krusader; then, in the User Actions tab, press
New Action and make the following changes:
9.1.4. ROX-Filer
ROX is a fast, user friendly desktop which makes extensive use
of drag-and-drop. The interface revolves around the file manager,
or filer, following the traditional Unix view that 'everything is a
file' rather than trying to hide the filesystem beneath start menus,
wizards, or druids.
—ROX-Wiki
ROX-Filer provides a SendTo context menu, to open the selected file with the desired
program. In this case, the program will be a shell script, wrapping BitDefender and
displaying its output in a terminal window.
Copy the following shell script, name it BitDefender and save it in the
~/.rox_choices/SendTo/ directory.
#!/bin/sh
# BitDefender ROX-Filer integration script
# Copyright (C) 1996-2008 BitDefender SRL. All rights reserved.
read"
You can right-click a file or a directory, select Send to → BitDefender menu and the
scanning process will start. When the scan is finished, you will need to close the
window, after reading the output messages.
9.1.5. Pine
Pine® - a Program for Internet News & Email - is a tool for
reading, sending, and managing electronic messages.
—Pine Information Center
To scan an e-mail from a mail user agent, you have to save the message in the
filesystem and scan that file. Fortunately, these actions can be done automatically,
by using a shell script. Save the following file to a convenient location, such as the
BitDefender installation directory, /opt/BitDefender-scanner. Name it bdscanpipe
and remember the full path to it: /opt/BitDefender-scanner/bin/bdscanpipe.
#!/bin/sh
# BitDefender STDIN scanner integration script
# Copyright (C) 1996-2008 BitDefender SRL. All rights reserved.
EXIT=$?
If you want to be able to scan e-mail messages from Pine using BitDefender, you have
to change your Pine settings to enable Unix pipe commands. To do so, follow these
steps.
Start Pine and type S (for Setup), then C (for Config). Use the down-arrow key to find
and highlight enable-unix-pipe-cmd (somewhere under Advanced Command
Preferences) and enable this preference by typing X. Type E (for Exit Setup) and Y
when asked to Save Changes.
Now, in the Index screen and when displaying the e-mail, there is one more command:
| Pipe, ready to be tested.
1. When an e-mail message is displayed or in the Index screen, press the | Pipe key
(Shift+\).
2. The entire message must be sent to the filter, so press Control+W (Raw text). The
status line should display the message: Pipe RAW message X to :.
3. Type the full path to the filter, not only the script name. For example:
/opt/BitDefender-scanner/bin/bdscanpipe. Press ENTER.
The full e-mail will be piped to the BitDefender filter, which will temporarily save it on
the filesystem and scan the resulting file with bdscan. After the scan, the output results
will be displayed by Pine and they will indicate whether the e-mail was infected or not.
When you have finished reading the messages, press E to Exit the viewer.
As stated before, it would be better to request that Pine automatically scan the
messages and instruct it what to do when an infected e-mail message is found. In this
way, every new message will be scanned and treated accordingly, which will reduce
their displaying speed.
Possible actions to be taken on infected e-mail:
• Set a keyword (e.g. Infected) and add an IndexColor rule to highlight the message
tagged with this keyword.
• Move the e-mail to a safe location, to study it carefully.
• Remove the e-mail.
1. Type S (for Setup), then R (for Rules) and F (for Filters). Then press A (Add) to
add a new rule.
3. Select Current Folder Type → Email to apply the rule to all e-mail folders. You
can also select Message is New (Unseen)? → Yes, to only scan new e-mail
messages, therefore increasing the overall scanning speed.
4. Scroll down to External Categorizer Commands and set the following values:
• Command: /opt/BitDefender-scanner/bin/bdscanpipe
• Exit Status Interval: (1,254)
5. Scroll down to Filter Action and select Move. You must specify the folder the
infected e-mail is to be moved to.
6. Finally, select Set New Status → Clear this state and Features →
dont-stop-even-if-rule-matches. Type E (for Exit) and Y when asked to Save
Changes.
From now on, when a new e-mail message is received, it will be piped to the
BitDefender filter and, if found infected, it will be moved to a safe location.
9.1.6. Evolution
Evolution makes the tasks of storing, organizing, and retrieving
your personal information easy, so you can work and
communicate more effectively with others. It's a highly evolved
groupware program, an integral part of the Internet-connected
desktop.
—Evolution User Guide
You can set Evolution to scan e-mail messages with BitDefender by using e-mail
Filters. In this way, any newly downloaded message will be sent to scanning.
First, add a new filter rule: Tools → Filters..., then press Add. Name the rule Scan
with BitDefender and add to the If panel the rule Pipe to Program. Fill in the program
name, /opt/BitDefender-scanner/bin/bdscanpipe, and set the condition returns
greater than and value 0.
Next, in the Then panel, you will set the action to be taken on infected e-mail. For
example, you can move it to a special folder (named Infected), set a color code to
mark it or just delete it.
Once the filter is configured, any new e-mail will be piped into the scanning filter.
If you want to scan only some e-mail messages, add corresponding rules to the If panel.
Evolution Filter Configuration
To manually scan a highlighted message, press Control+Y keys.
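The Pine and Evolution filters above both rely on the same contract: the message arrives on standard input and a non-zero exit status marks it as infected. The following is an added example of a filter that honors this contract. It is not BitDefender's bdscanpipe script, whose body is not reproduced here, and scan_stdin is a hypothetical name. It assumes that bdscan exits non-zero when it reports an infected object, and it uses 255 for its own failures, which lies outside the (1,254) interval configured in Pine.

```shell
#!/bin/sh
# Added example, not BitDefender's bdscanpipe: scan one message read from stdin.
# Assumption: bdscan exits non-zero when it reports an infected object.

BDSCAN=${BDSCAN:-/opt/BitDefender-scanner/bin/bdscan}

# scan_stdin: save stdin to a private temporary file, scan it, clean up and
# return the scanner's exit status. 255 means the wrapper itself failed.
# The body runs in a subshell, so umask and the trap do not leak to the caller.
scan_stdin() (
    umask 077                                   # message readable by owner only
    # A missing scanner must not look like a detection (127 is inside 1..254).
    command -v "$BDSCAN" >/dev/null 2>&1 || exit 255
    # mktemp -d picks an unpredictable name and fails if it already exists,
    # unlike a fixed path such as /tmp/message.$$
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/bdscanpipe.XXXXXX") || exit 255
    trap 'rm -rf "$tmpdir"; exit 255' HUP INT TERM
    if ! cat > "$tmpdir/message"; then
        rm -rf "$tmpdir"
        exit 255
    fi
    "$BDSCAN" --no-list "$tmpdir/message"
    status=$?
    rm -rf "$tmpdir"
    exit "$status"
)

# To use this file as the filter program, end it with:
#   scan_stdin
```

With the Pine interval (1,254), a wrapper failure leaves the message in place as if it were clean, while the Evolution condition "returns greater than 0" treats status 255 like a detection.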
9.1.7. KMail
KMail is a fully-featured e-mail client that fits nicely into the K
Desktop Environment, KDE. It has features such as support for
IMAP, POP3, multiple accounts, powerful filters, PGP/GnuPG
privacy, inline attachments, and much more.
—KMail website
To integrate BitDefender with KMail, use the wizard in the Tools → Anti-virus Wizard...
menu. This will autodetect BitDefender and will automatically configure the filters to
pipe any message. A script will add an X-Virus-Flag header to the message, with
values Yes or No, depending on whether the e-mail is infected or not.
If you do not want to use the wizard, you can manually add the filter rule. Follow these steps:
1. Go to Settings → Configure filters....
4. In the Filter Actions panel, select Pipe Through and type kmail_bitdefender.sh
in the textbox.
5. Select the Apply to incoming message and Apply on manual filtering check
boxes.
#!/bin/sh
# BitDefender KMail integration script
# Copyright (C) 1996-2008 BitDefender SRL. All rights reserved.
# Scan it with BitDefender, filter the output and echo the header
if $BDSCAN "$TMPFILE" | grep -q infected; then
    echo "X-Virus-Flag: yes"
else
    echo "X-Virus-Flag: no"
fi
You can even customize this filter yourself. You can add a convenient button on the
toolbar to call the filter on a highlighted message.
9.2.1. Qmail-Scanner
Qmail-Scanner is an add-on that enables a Qmail e-mail server
to scan all gateway-ed e-mail for certain characteristics (i.e. a
content scanner).
—Qmail-Scanner website
Qmail-Scanner Installation
Qmail-Scanner supports many installation options, for fine-grained qmail integration.
Please refer to the documentation for further instructions.
Enter the directory where you have unpacked the Qmail-Scanner archive, and run the
following command:
Once configuration is done, you can install Qmail-Scanner by running the following
command:
# ./configure --install
Having done this, you can start testing Qmail-Scanner by sending test e-mail messages
to a local account. You should watch the logs for possible errors.
9.2.2. MailScanner
A Free Anti-Virus and Anti-Spam Filter.
—MailScanner website
MailScanner Installation
Please refer to the on-line or printed MailScanner documentation for details on its
installation.
Once you have a working MailScanner installed on your server, open its configuration
file /opt/MailScanner/etc/MailScanner.conf (for a default location) and find the
line below:
Change it as follows:
9.2.3. amavisd-new
amavisd-new is a high-performance interface between mailer
(MTA) and content checkers: virus scanners, and/or
SpamAssassin.
—amavisd-new website
amavisd-new supports BitDefender for e-mail scanning by default. All you have to do
is make sure to install all the prerequisites (mainly additional perl modules), then install
amavisd-new according to the instructions in its documentation.
Before using it in real situations, it would be better for you to check that BitDefender
was properly detected. Therefore, run the command below and watch for the line
indicating that bdscan has been found.
# amavisd-new debug
This is all you have to do. You can test mail server integration using EICAR e-mail
messages.
amavisd-new Installation
Please refer to the amavisd-new documentation for a detailed description of its installation
and configuration.
10. Updates
BitDefender Antivirus Scanner for Unices was designed with triggered update
capabilities. Nowadays, the risk of getting infected is high, both because new viruses
appear and because the existing ones keep spreading. This is why your antivirus must
be kept up to date. To do so, you must periodically check the BitDefender servers for
new updates.
# bdscan --update
/opt/BitDefender-scanner/var/lib/scan/Plugins/emalware.ivd ........
...................................................... updated
/opt/BitDefender/var/lib/scan/Plugins/update.txt updated
Update succeeded.
# crontab -e
00 02 * * * /opt/BitDefender-scanner/bin/bdscan --update
All you have to do now is to signal the cron daemon to reload the crontables. Run the
command below and look for the process-id of crond, located in the second column.
With the process-id (PID) in mind, issue the following command to signal the crond
daemon. Replace PID with the corresponding process-id value.
#!/bin/sh
# BitDefender update script, using cron service
# Copyright (C) 1996-2008 BitDefender SRL. All rights reserved.
# Place this script under one of the following directories for daily
# or even hourly updates (find their equivalents on your system if
# they do not exactly match):
# /etc/cron.daily
# /etc/cron.hourly
You can even try to manually run the script, to test whether it works properly.
HttpProxy = your.proxy.server:port
released every day, containing all of the scanning engines and virus signatures updates
up to the release date. You can use this archive to update BitDefender.
Let BDPATH be the path to the BitDefender Antivirus Scanner for Unices installation
directory. For Linux systems BDPATH is /opt/BitDefender-scanner, while for FreeBSD
systems BDPATH is /usr/local/bitdefender-scanner. To update the product
manually, follow these steps:
1. Download the update files. Download the cumulative.zip file from one of the
following locations and save it somewhere on your disk when prompted.
• For 32-bit systems: http://download.bitdefender.com/updates/update_av32bit/
• For 64-bit systems: http://download.bitdefender.com/updates/update_av64bit/
2. Extract the updates. Extract the content of the zip archive to the
$BDPATH/var/lib/scan/ directory, overwriting the existing files with the newer
ones, if necessary.
3. Set file owner and permissions. After extracting the zip archive, you must set
the proper owner and permissions, by running the following commands:
11. Product Registration
Key = 00112233445566778899
Simply replace the old key value with the new one and save the file.
# bdscan --info
commercial implications whatsoever. For example, the Personal License, allows you
to scan your personal laptop or desktop computer but NOT TO USE IT IN A
PRODUCTION ENVIRONMENT, SUCH AS AN OFFICE COMPUTER OR A COMPANY
SERVER.
12. Best Practices
1. After installing BitDefender Antivirus Scanner for Unices, perform a triggered update
to get the latest virus signatures and engines, as described in Section Triggered
Update (page 59).
2. Perform a full system scan to find any already infected objects. Use the guidelines
in Chapter Real Life Usage (page 37).
3. Make sure the license key has not expired and get a new one before the expiring
date. Read more about license keys in Chapter Product Registration (page 63).
4. If you are using cron or another method to do regular updates, make sure the job
scheduler really works and that you always get the latest updates.
5. When using the quarantine action, which moves infected objects to the quarantine
directory, keep an eye on it. Periodically check the directory size, since it can grow
rapidly and you could run out of disk space. Take a look at the files BitDefender
has found infected. You could simply remove them if you are sure they are infected,
you can double check them (the suspected objects can be false positive alarms)
and you can send them to BitDefender Antivirus Lab, as described below, for
in-depth analysis.
6. Use BitDefender Antivirus Scanner for Unices to scan all the files you have from
untrusted sources, such as the Internet, web browsing or the e-mail. Scan the
documents, archives, programs and anything else that could contain malicious
code. Periodically perform a full system scan.
7. Send all suspected objects to BitDefender Antivirus Lab, at
<virus_submission@bitdefender.com>, for a prompt response to malware threats.
To prevent this kind of e-mail from being filtered by an antivirus protecting e-mail
servers, you should archive the suspected object, encrypt the archive and send
them both, together with the key.
13. Frequently Asked Questions
Yes, for manpage integration, BitDefender Antivirus Scanner for Unices will
alter several system files (man.config and manpath.config), if they are found
on the system. It will also create certain symlinks in the /etc and /usr/bin
directories for Linux and in /usr/local/etc and /usr/local/bin directories
for FreeBSD.
2. Usage
1. My bdscan program has found a virus in a file, but it does not disinfect it,
although I know it can be done. Why does it not disinfect the file?
The --action command line option, whose default value is ignore, can be
used to specify the action to be applied when a virus is found. Other possible
values are disinfect, delete, quarantine or ignore.
Please note that there are a lot of malicious applications, included in the malware
category, which cannot be disinfected because of their internal structure and
behavior. Therefore, if bdscan finds such a piece of malware, it is recommended
that you delete the file infected with it.
Run the following command and look for the line indicating the time of the last
update:
# bdscan --info
3. When I try to update the virus definitions/scanning engines, I always get this
message: “No update available”. Why?
Make sure you are not running the update as an unprivileged user (i.e. not
root), because, if this is the case, you do not have the right to write in the
Plugins directory. This is normal and secure behavior.
Another possibility would be that there really are no updates available at that
time, which may happen if you run updates very often.
4. How often are updates released and how can I always get the latest updates?
How do I know when updates are released?
5. When I try to move infected or suspected files to the quarantine zone, I get a
“move failed” message in the log file. Why?
Make sure you have the proper rights with respect to the quarantine directories,
i.e. the directories must be writable by those who want to use the quarantine
facility. The default install creates the quarantine directories with rwx access
rights for all users. If you are an admin of the Linux system, and you use the
quarantine facility, make sure to check those directories from time to time, and
delete all unnecessary files, to free up disk space.
Manual Pages
bdscan
bdscan — BitDefender Antivirus Scanner for Unices
Synopsis
bdscan [ --action= disinfect | quarantine | delete | ignore ] [--no-archive] [--no-mail]
[--no-pack] [--no-recursive] [--follow-link] [--recursive-level=level]
[--archive-level=level] [--ext[=ext1:ext2]] [--exclude-ext[=ext1:ext2]] [--suspect-copy]
[--suspect-move] [--quarantine=quarantine_path] [--conf-file=conf_file]
[--log[=file.log]] [--log-overwrite] [--no-list] [--no-warnings] [--verbose] [--update]
[--force-insecure-update] [--virus-list] [--info] [--version] [--encode=password] [--help]
path-to-scan
Description
bdscan is the console of the BitDefender virus scanner for Unices. It may come as a
standalone package, as well as integrated in the BitDefender mail or file server antivirus
suite.
BitDefender Antivirus Scanner for Unices is mainly used to scan files against any kind
of viruses, trojans, worms or other malware. It uses the most advanced scanning
engine technology to provide high rates of detection, reliability and speed.
The user can choose to move to quarantine directories, disinfect or delete the infected
and suspected files. bdscan also has the capacity to scan inside mailboxes for infected
attachments.
Options
path-to-scan
The path to scan can be a list of files and directories, separated by white spaces.
--action
Specifies the action to be performed when an infected object is found. See the
Actions section for action details.
--no-archive
Specifies that bdscan should not scan inside archives.
--no-mail
Specifies that bdscan should not scan inside mailboxes.
--no-pack
Specifies that bdscan should not scan inside packed programs.
--no-recursive
Specifies that bdscan should not enter sub-directories for scanning. If you select
this option only the first level directories will be scanned.
--follow-link
Instructs bdscan to scan symbolic links.
--recursive-level=level
Sets the maximum recursion level to level. The default value is 0, meaning no
limitation.
--archive-level=level
Set the maximum archive depth level to level. The default value is 12.
--ext[=ext1:ext2]
Specifies that bdscan should only scan files whose extensions are specified
in the list or in the configuration file, under the Extensions keyword. To force the
scanning of all files, regardless of the Extension directive, you must use the
--ext=: form in the command line.
--exclude-ext[=ext1:ext2]
Specifies that bdscan should exclude from scanning the files the extensions of
which are specified in the list. If the list is empty, the extensions from the
configuration files are to be used.
--suspect-copy
Specifies that bdscan should copy the suspected files to quarantine.
--suspect-move
Specifies that bdscan should move the suspected files to quarantine.
--quarantine=path
Sets the quarantine directory, where infected files are stored when the action is
quarantine. If the user cannot write into the quarantine directory, bdscan will exit
with error when the quarantine action is invoked.
--conf-file=file
Sets the alternate location of the configuration file. If this file is not valid, bdscan
will exit with an error message. By default, the configuration is read from
/etc/BitDefender-scanner/bdscan.conf on Linux systems and from
/usr/local/etc/bitdefender-scanner/bdscan.conf on FreeBSD systems.
There is also a local configuration file located at
~/.config/BitDefender-scanner/bdscan.conf, the user being able to partially
or even totally override the system-wide configuration.
--log[=file.log]
Specifies that bdscan should log its activity to the mentioned file. If the user has
no right to write this file, the output will be an error message and the default file
will be used. The default file is /opt/BitDefender-scanner/var/log/bdscan.log.
--log-overwrite
Specifies that bdscan should not append the new output to the existing log file.
The old log file content will be replaced by the new one.
--no-list
Specifies that bdscan should not list all the scanned files. This option can speed
up the scanning process.
--no-warnings
Specifies that bdscan should not display warnings. Warnings are displayed in
case part of a virus signature has been found.
--verbose
Specifies that bdscan should output detailed messages.
--update
Specifies that bdscan should automatically update the virus signatures.
--force-insecure-update
Instructs bdscan to download updates without verifying the server signature file.
This option is not recommended, but may be useful if regular update fails.
--virus-list
Displays the virus list. This could cause a lot of information to be displayed.
--info
Prints information about the product's version, current number of virus signatures,
last update time, scan engine number, archive engines, unpack engines, mail
engines and system engines.
--version
Displays a short message containing the version information and the copyright
note.
--encode=password
Encrypts the password you provide. You can use this option to encrypt the proxy
user password and then copy the hash in the configuration file.
--help
Displays the help message.
Actions
When an infected object is found, bdscan can be instructed to perform one of the
following actions:
disinfect
BitDefender will try to disinfect the object by removing the infected or suspected
part. The action can sometimes fail.
quarantine
The object will be moved from its original location to a secured directory, the
quarantine.
delete
The object will be simply removed from the filesystem.
ignore
Even if infected objects are found, BitDefender will just report them and no action
will be performed. This is the default action.
Examples
# bdscan --no-archive --verbose --action=disinfect /var/tmp
In the command line above, bdscan is instructed to scan the /var/tmp directory,
archives excluded, display detailed messages and try to disinfect the files.
In the command line above, bdscan is instructed to scan the /var/tmp directory,
mailboxes excluded, log its activity into the /tmp/bdscan.log file and quarantine the
infected files.
Files
/etc/BitDefender-scanner/bdscan.conf
The system-wide configuration file of bdscan on Linux systems. The user
configuration overrides the system-wide configuration.
/usr/local/etc/bitdefender-scanner/bdscan.conf
The system-wide configuration file of bdscan on FreeBSD systems. The user
configuration overrides the system-wide configuration.
~/.config/BitDefender-scanner/bdscan.conf
The user configuration file of bdscan. The user configuration overrides the
system-wide configuration.
Bugs
Sometimes, bdscan may hang while scanning directories which contain pipes or UNIX
socket files. To avoid this behavior, try to use it on regular files exclusively.
Although highly unlikely, bdscan may crash while scanning files. If this is the case,
you should update the scan engines and the virus signatures and definitions.
See also
Please also refer to the printed and on-line BitDefender documentation at
http://www.bitdefender.com.
Graphical User Interface Scanner
# bdgui
Note
You can run this command both as a root and as a regular user.
• On Xfce desktops, either click the Xfce menu or right-click the desktop, and then
follow this path: System → BitDefender Scanner.
14 Graphical User
Interface
Getting Started
Scanner
BitDefender GUI
Button Description
Scanner. Click it to start scanning your computer for viruses
and other malware.
Show/Hide
Display/Hide the main interface.
Exit
Exit the application.
• Drag&drop the file or directory you want to scan on the main window.
• Click the Scanner button, select the file or directory you want to scan and click
Open.
• If you have configured BitDefender to run in the background, you can use the file
drop zone. For more information, please refer to Chapter 16 “File Drop Zone” (p.
97).
To scan your computer for viruses and other malware, follow these steps:
Choose location
3. BitDefender will start scanning the selected objects. Wait for BitDefender to finish
scanning.
Scanning
You can see the scanning location, status and statistics (scanning speed, elapsed
time, number of scanned / infected / suspicious / hidden objects and other).
Note
The scanning process may take a while, depending on the complexity of the scan.
You can stop scanning anytime you want by clicking Cancel. You will go directly
to the last step of the wizard.
4. When the scanning is completed, a new window will appear, where you can see
the scan results.
Note
You will skip this step if no threats are found.
Actions
You can see the number of issues affecting your system. To find out more
information about a specific threat detected on your system, just click it.
You can choose an overall action to be taken for all issues or you can select
separate actions for each group of issues.
The following options can appear on the menu:
Action          Description
Take No Action  No action will be taken on infected files.
Disinfect       Removes the malware code from the infected files.
Delete          Removes the infected files from the disk.
Quarantine      Moves the infected files from their original location to the quarantine folder.
Fix issues
5. When BitDefender has finished fixing the issues, click Close and then Finish. The
scan results will appear in a new window.
Summary
Note
As a best practice, you should update BitDefender before scanning files or folders from
your computer.
The update of the malware signatures is only performed on demand. The update
process is very simple, quick and effective.
To update BitDefender, follow these steps:
Updating BitDefender
1. Click the Set new key button. A new window will appear.
Link        Description
Tips        Click it to open the tips window.
Log viewer  Click it to view the scan logs.
Help        Click it to open the help file.
About       Click it to find out more information about BitDefender Antivirus Scanner for Unices.
14.4.1. Tips
Whenever you start BitDefender, a tips window is displayed on top of the main interface.
Tips Window
Tips provide useful information on how to use BitDefender. Use the corresponding
links to go to the next tip or to return to the previous tip.
If you no longer want to see the tips when you start BitDefender, clear the Show these
tips when application starts check box. Click the Close button to close the window.
You can open the tips window at any time by clicking the Tips link.
Note
The default directory where logs are saved is:
$HOME/.local/share/BitDefender-scanner/logs
To view a scan log, open the Log Viewer by clicking the Log Viewer link.
Log Viewer
Select the scan log from the left side menu to view information about the respective
scan process.
In time, the number of logs displayed in the Log Viewer will increase, making it difficult
to browse logs. To clear the Log Viewer, you must delete the logs directory manually,
from the command line. The directory will be automatically created the next time you
scan your computer.
About
15. Configuring BitDefender
• In order to be able to start scanning tasks quickly, you can pre-load the antivirus
engines at startup.
• A specific location can be set both for the quarantined files and for the log files.
• If your computer is connected to the Internet through a proxy server, you can
configure the proxy settings.
To access these settings and customize your BitDefender Antivirus Scanner for Unices,
click the Settings button. A new window will appear.
Configuring BitDefender
• General Settings
• Scan Settings
• Update Settings
• Logging Settings
Change the settings according to your needs and click the Save button to save the
changes and close the window.
Warning
If your window manager or desktop environment does not provide a system
tray, you should not enable this option.
Scan on drop
Select this check box to immediately start scanning any file or directory
dropped on the file drop zone.
If you disable this option, the file drop zone acts as a “scan queue” to
which you can add files and directories from multiple sources. You can
then scan all the items in the queue by simply double-clicking the file
drop zone.
Language
You can use this menu to change the language of the BitDefender interface.
Note
You must restart the application for this setting to take effect.
Exclude extensions
This is where you can list the file extensions to be excluded from scanning. Use
a colon (:) to separate them.
Note
Valid measurement unit specifiers are: b or B for bytes, k or K for kilobytes (1 KB
= 1024 B), m or M for megabytes (1 MB = 1024 KB), g or G for gigabytes (1 GB =
1024 MB). Example: 1m512k specifies a maximum size of 1.512 MB.
Warning
It is considered an error to specify more than 1023 of a given sub-unit. For example,
1024k is invalid because 1024 kilobytes is equal to 1 megabyte (the correct form
is 1m). Setting an incorrect value here will cause the application to silently ignore
this setting.
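Because an invalid size value is ignored without any message, it is worth checking the value before it is saved. This added Python example (not BitDefender code; all names are hypothetical) parses the format from the Note and Warning above. It assumes the 1023 limit applies to b, k and m but not to g, and it is stricter than the page in also rejecting repeated or out-of-order units.

```python
import re

# Multipliers as defined on the page: 1 KB = 1024 B, 1 MB = 1024 KB, 1 GB = 1024 MB.
UNIT_BYTES = {"g": 1024 ** 3, "m": 1024 ** 2, "k": 1024, "b": 1}
UNIT_ORDER = "gmkb"          # largest to smallest
SUB_UNIT_MAX = 1023          # the page's limit for a sub-unit count
TOKEN = re.compile(r"([0-9]+)([bkmg])", re.IGNORECASE)


class SizeSpecError(ValueError):
    """Raised for a value that should not be written to the configuration."""


def to_spec(total_bytes):
    """Render a byte count in carried form, e.g. 1048576 -> '1m'."""
    parts = []
    for unit in UNIT_ORDER:
        count, total_bytes = divmod(total_bytes, UNIT_BYTES[unit])
        if count:
            parts.append(f"{count}{unit}")
    return "".join(parts) or "0b"


def parse_size_spec(spec):
    """Return the size in bytes, or raise SizeSpecError explaining the problem."""
    text = spec.strip()
    if not text:
        raise SizeSpecError("empty value")
    total, pos, last_rank = 0, 0, -1
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if match is None:
            raise SizeSpecError(f"expected <number><unit> at offset {pos}: {text[pos:]!r}")
        count, unit = int(match.group(1)), match.group(2).lower()
        rank = UNIT_ORDER.index(unit)
        # Assumption (stricter than the page): each unit at most once, largest first.
        if rank <= last_rank:
            raise SizeSpecError(f"unit {unit!r} is repeated or out of order")
        # Assumption: 'g' is the largest unit, so the sub-unit cap does not apply to it.
        if unit != "g" and count > SUB_UNIT_MAX:
            fixed = to_spec(count * UNIT_BYTES[unit])
            raise SizeSpecError(f"{count}{unit} exceeds {SUB_UNIT_MAX}; write {fixed}")
        total += count * UNIT_BYTES[unit]
        last_rank, pos = rank, match.end()
    return total


def audit(spec):
    """Return (ok, message) for one configured value, for a pre-flight report."""
    try:
        size = parse_size_spec(spec)
    except SizeSpecError as exc:
        return False, f"{spec!r}: rejected, {exc}"
    return True, f"{spec!r}: {size} bytes"


if __name__ == "__main__":
    # Constructed sample values, including the two the page itself mentions.
    for sample in ("1m512k", "1024k", "1023k", "512k1m", "10"):
        print(audit(sample)[1])
```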
Maximum level
This is where you can specify the maximum recursion level when processing
archives inside archives. To scan all archives, regardless of the recursion
level, set the limit to 0. Higher values provide increased detection at the cost
of higher system resource usage during scanning.
Quarantine directory
This is where you can specify a fully-qualified path to a directory where infected
files will be moved when the Quarantine option is selected. The directory will be
created if it does not already exist.
Note
The default quarantine directory is:
$HOME/.local/share/BitDefender-scanner/quarantine
Update server
This is where you can set the server to be queried for updated malware signatures.
Proxy host
Type the host name or the IP address of the proxy server and the port used
to connect to the proxy server. They must be specified as follows:
host[:port].
Proxy user
Type a user name recognized by the proxy server. The user name must be
specified as follows: [domain\]username.
Leave the field blank if the proxy server does not require authentication.
Password
Type the password of the specified user.
Leave the field blank if the proxy server does not require authentication.
Logging enabled
By selecting this check box, BitDefender will create and manage detailed log files
recording the actions it performs.
Log directory
This is where you can specify a fully-qualified path to a directory where log
files will be stored. The directory will be created if it does not already exist.
Note
The default directory where logs are saved is:
$HOME/.local/share/BitDefender-scanner/logs
16. File Drop Zone
3. Select the Keep the application running in the background check box.
• Immediate scanning - an object is scanned as soon as you drop it on the file drop
zone. This is the default setting.
• Queued scanning - you drag&drop the objects to be scanned on the file drop zone
and then manually start the scan.
Drag Object
Drop Object
You must follow the Antimalware Scan wizard to complete the scan.
When queued scanning is in use, you can notice a number in the center of the file
drop zone. This number indicates how many objects are in the scan queue.
To perform queued scanning, follow these steps:
1. Drag&drop the files and directories you want to scan on the file drop zone.
Manage Queue
To remove specific objects from the queue, select them and click Remove selected.
If you want to remove all objects from the queue, just click Clear.
Click the Close button to close the window.
Getting Help
17. Support
BitDefender strives to provide its customers with an unparalleled level of fast and
accurate support. If you experience any issue with or if you have any question about
your BitDefender product, go to our online Support Center. It provides several resources
that you can use to quickly find a solution or an answer. Or, if you prefer, you can
contact the BitDefender Customer Care team. Our support representatives will answer
your questions in a timely manner and they will provide you with the assistance you
need.
• Product Documentation
You can also use your favorite search engine to find out more information about
computer security, the BitDefender products and the company.
customers with the technical knowledge and insight they need. All valid requests for
information or bug reports coming from BitDefender clients eventually find their way
into the BitDefender Knowledge Base, as bugfix reports, workaround cheatsheets or
informational articles to supplement product helpfiles.
The BitDefender Knowledge Base for business products is available any time at
http://www.bitdefender.com/businesshelp.
Product Documentation
Product documentation is the most complete source of information about your product.
You can check and download the latest version of documentation for BitDefender
business products at Support Center > Documentation.
1. Go to http://enterprise.bitdefender.com/support/contact-us.html.
2. Use the contact form to open an email support ticket or access other available
contact options.
17.3. Contact Information
Efficient communication is the key to a successful business. During the past 10 years
BITDEFENDER has established an unquestionable reputation by constantly striving
for better communication so as to exceed the expectations of our clients and partners.
Should you have any questions, do not hesitate to contact us.
United States
BitDefender, LLC
PO Box 667588
Pompano Beach, Fl 33066
United States
Phone (sales&technical support): 1-954-776-6262
Sales: <sales@bitdefender.com>
Web: http://www.bitdefender.com
Support Center: http://www.bitdefender.com/businesshelp
Germany
BitDefender GmbH
Airport Office Center
Robert-Bosch-Straße 2
59439 Holzwickede
Deutschland
Phone (office&sales): +49 (0)2301 91 84 222
Phone (technical support): +49 (0)2301 91 84 444
Sales: <vertrieb@bitdefender.de>
Website: http://www.bitdefender.de
Support Center: http://www.bitdefender.de/businesshelp
UK and Ireland
Genesis Centre Innovation Way
Stoke-on-Trent, Staffordshire
ST6 4BF
UK
Phone (sales&technical support): +44 (0) 8451-305096
Email: <info@bitdefender.co.uk>
Sales: <sales@bitdefender.co.uk>
Website: http://www.bitdefender.co.uk
Support Center: http://www.bitdefender.co.uk/businesshelp
Spain
BitDefender España, S.L.U.
Avda. Diagonal, 357, 1º 1ª
08037 Barcelona
España
Fax: (+34) 93 217 91 28
Phone (office&sales): (+34) 93 218 96 15
Phone (technical support): (+34) 93 502 69 10
Sales: <comercial@bitdefender.es>
Website: http://www.bitdefender.es
Support Center: http://www.bitdefender.es/businesshelp
Romania
BITDEFENDER SRL
West Gate Park, Building H2, 24 Preciziei Street
Bucharest, Sector 6
Fax: +40 21 2641799
Phone (sales&technical support): +40 21 2063470
Sales: <sales@bitdefender.ro>
Website: http://www.bitdefender.ro
Support Center: http://www.bitdefender.ro/businesshelp
Glossary
ActiveX
ActiveX is a model for writing programs so that other programs and the operating
system can call them. The ActiveX technology is used with Microsoft Internet
Explorer to make interactive Web pages that look and behave like computer
programs, rather than static pages. With ActiveX, users can ask or answer
questions, use push buttons, and interact in other ways with the Web page.
ActiveX controls are often written using Visual Basic.
ActiveX is notable for a complete lack of security controls; computer security
experts discourage its use over the Internet.
Archive
A disk, tape, or directory that contains files that have been backed up.
A file that contains one or more files in a compressed format.
Backdoor
A hole in the security of a system deliberately left in place by designers or
maintainers. The motivation for such holes is not always sinister; some operating
systems, for example, come out of the box with privileged accounts intended for
use by field service technicians or the vendor's maintenance programmers.
Boot sector
A sector at the beginning of each disk that identifies the disk's architecture (sector
size, cluster size, and so on). For startup disks, the boot sector also contains a
program that loads the operating system.
Boot virus
A virus that infects the boot sector of a fixed or floppy disk. An attempt to boot
from a diskette infected with a boot sector virus will cause the virus to become
active in memory. Every time you boot your system from that point on, you will
have the virus active in memory.
Browser
Short for Web browser, a software application used to locate and display Web
pages. The two most popular browsers are Netscape Navigator and Microsoft
Internet Explorer. Both of these are graphical browsers, which means that they
can display graphics as well as text. In addition, most modern browsers can
present multimedia information, including sound and video, though they require
plug-ins for some formats.
Command line
In a command line interface, the user types commands in the space provided
directly on the screen using command language.
Cookie
Within the Internet industry, cookies are described as small files containing
information about individual computers that can be analyzed and used by
advertisers to track your online interests and tastes. In this realm, cookie
technology is still being developed and the intention is to target ads directly to
what you've said your interests are. It's a double-edged sword for many people
because on one hand, it's efficient and pertinent as you only see ads about what
you're interested in. On the other hand, it involves actually "tracking" and
"following" where you go and what you click. Understandably so, there is a debate
over privacy and many people feel offended by the notion that they are viewed
as a "SKU number" (you know, the bar code on the back of packages that gets
scanned at the grocery check-out line). While this viewpoint may be extreme, in
some cases it is accurate.
Disk drive
It's a machine that reads data from and writes data onto a disk.
A hard disk drive reads and writes hard disks.
A floppy drive accesses floppy disks.
Disk drives can be either internal (housed within a computer) or external (housed
in a separate box that connects to the computer).
Download
To copy data (usually an entire file) from a main source to a peripheral device.
The term is often used to describe the process of copying a file from an online
service to one's own computer. Downloading can also refer to copying a file from
a network file server to a computer on the network.
E-mail
Electronic mail. A service that sends messages on computers via local or global
networks.
Events
An action or occurrence detected by a program. Events can be user actions, such
as clicking a mouse button or pressing a key, or system occurrences, such as
running out of memory.
False positive
Occurs when a scanner identifies a file as infected when in fact it is not.
Filename extension
The portion of a filename, following the final point, which indicates the kind of
data stored in the file.
Many operating systems use filename extensions, e.g. Unix, VMS, and MS-DOS.
They are usually from one to three letters (some sad old OSes support no more
than three). Examples include "c" for C source code, "ps" for PostScript, "txt" for
arbitrary text.
Heuristic
A rule-based method of identifying new viruses. This scanning method does not
rely on specific virus signatures. The advantage of the heuristic scan is that it is
not fooled by a new variant of an existing virus. However, it might occasionally
report suspicious code in normal programs, generating the so-called "false
positive".
IP
Internet Protocol - A routable protocol in the TCP/IP protocol suite that is
responsible for IP addressing, routing, and the fragmentation and reassembly of
IP packets.
Java applet
A Java program which is designed to run only on a web page. To use an applet
on a web page, you would specify the name of the applet and the size (length
and width--in pixels) that the applet can utilize. When the web page is accessed,
the browser downloads the applet from a server and runs it on the user's machine
(the client). Applets differ from applications in that they are governed by a strict
security protocol.
For example, even though applets run on the client, they cannot read or write
data onto the client's machine. Additionally, applets are further restricted so that
they can only read and write data from the same domain that they are served
from.
Macro virus
A type of computer virus that is encoded as a macro embedded in a document.
Many applications, such as Microsoft Word and Excel, support powerful macro
languages.
These applications allow you to embed a macro in a document, and have the
macro execute each time the document is opened.
Mail client
An e-mail client is an application that enables you to send and receive e-mail.
Memory
Internal storage areas in the computer. The term memory identifies data storage
that comes in the form of chips, and the word storage is used for memory that
exists on tapes or disks. Every computer comes with a certain amount of physical
memory, usually referred to as main memory or RAM.
Non-heuristic
This scanning method relies on specific virus signatures. The advantage of the
non-heuristic scan is that it is not fooled by what might seem to be a virus, and
does not generate false alarms.
Packed programs
A file in a compression format. Many operating systems and applications contain
commands that enable you to pack a file so that it takes up less memory. For
example, suppose you have a text file containing ten consecutive space
characters. Normally, this would require ten bytes of storage.
However, a program that packs files would replace the space characters by a
special space-series character followed by the number of spaces being replaced.
In this case, the ten spaces would require only two bytes. This is just one packing
technique - there are many more.
Path
The exact directions to a file on a computer. These directions are usually described
by means of the hierarchical filing system from the top down.
The route between any two points, such as the communication channel between
two computers.
Polymorphic virus
A virus that changes its form with each file it infects. Since they have no consistent
binary pattern, such viruses are hard to identify.
Port
An interface on a computer to which you can connect a device. Personal
computers have various types of ports. Internally, there are several ports for
connecting disk drives, display screens, and keyboards. Externally, personal
computers have ports for connecting modems, printers, mice, and other peripheral
devices.
In TCP/IP and UDP networks, an endpoint to a logical connection. The port number
identifies what type of port it is. For example, port 80 is used for HTTP traffic.
Report file
A file that lists actions that have occurred. BitDefender maintains a report file
listing the path scanned, the folders, the number of archives and files scanned,
how many infected and suspicious files were found.
Script
Another term for macro or batch file, a script is a list of commands that can be
executed without user interaction.
Startup items
Any files placed in this folder will open when the computer starts. For example,
a startup screen, a sound file to be played when the computer first starts, a
reminder calendar, or application programs can be startup items. Normally, an
alias of a file is placed in this folder rather than the file itself.
TCP/IP
Transmission Control Protocol/Internet Protocol - A set of networking protocols
widely used on the Internet that provides communications across interconnected
networks of computers with diverse hardware architectures and various operating
systems. TCP/IP includes computer communication standards and conventions
for network connections and traffic routing.
Trojan
A destructive program that masquerades as a benign application. Unlike viruses,
Trojan horses do not replicate themselves but they can be just as destructive.
One of the most insidious types of Trojan horse is a program that claims to rid
your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant
wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after
the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the
horse's hollow belly and open the city gates, allowing their compatriots to pour in
and capture Troy.
Update
A new version of a software or hardware product designed to replace an older
version of the same product. In addition, update installation routines often check
to make sure that an older version is already installed on your computer; if not,
you cannot install the update.
BitDefender has its own update module that allows you to manually check for
updates, or let it automatically update the product.
Virus
A program or piece of code that is loaded onto your computer without your
knowledge and runs against your will. Most viruses can also replicate themselves.
All computer viruses are manmade. A simple virus that can copy itself over and
over again is relatively easy to produce. Even such a simple virus is dangerous
because it will quickly use all available memory and bring the system to a halt.
An even more dangerous type of virus is one capable of transmitting itself across
networks and bypassing security systems.
Virus definition
The binary pattern of a virus, used by the antivirus program to detect and eliminate
the virus.
Worm
A program that propagates itself over a network, reproducing itself as it goes. It
cannot attach itself to other programs.